What is GDPR?
GDPR stands for General Data Protection Regulation and replaces the previous Data Protection.
It was approved by the EU Parliament in 2016 and comes into effect on 25th May 2018.
GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individuals data is not processed without their knowledge and are only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals. KINESISdance is committed to protecting the rights and freedoms of individuals with respect to the processing of children's, parents, visitors and staff personal data.
The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
What are your rights?
GDPR includes 7 rights for individuals:
1) The right to be informed
We need to know parent’s names, addresses, telephone numbers, email addresses. We need to know children’s’ full names, addresses, date of birth, along with any SEN requirements or health issues/requirements.
As an employer, KINESISdance is required to hold data on its Teachers; names, addresses, email addresses, telephone numbers, date of birth, National Insurance numbers, bank details. This information is also required for Disclosure and Barring Service checks (DBS) and proof of eligibility to work in the UK.
2) The right of access
At any point an individual can make a request relating to their data and KINESISdance will need to provide a response (within 1 month). We can refuse a request, if we have a lawful obligation to retain data but we will inform the individual of the reasons for the rejection.
3) The right to erasure
You have the right to request the deletion of your data where there is no compelling reason for its continued use. However, KINESISdance has a legal duty to keep children’s and parents details for a reasonable time. KINESISdance will retain these records for 1 year after leaving classes, including any accident and injury records for Child Protection records.
Staff records must be kept for a number of years after the member of leaves employment, before they can be erased. This data is securely stored and shredded after the legal retention period.
4) The right to restrict processing
Parents, visitors and staff can object to KINESISdance processing their data. This means that records can be stored but must not be used in any way, for example examination applications, reports or for communications.
5) The right to data portability
KINESISdance sometimes requires data to be transferred from one IT system to another; such as from one member of staff to another, or to UDO for exams and competitions (when this comes into play). These recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.
6) The right to object
Parents, visitors and staff can object to their data being used for certain activities like marketing or research.
7) The right not to be subject to automated decision-making including profiling.
This is not relevant to KINESISdance as it relates to marketing websites and businesses.
Storage & Use of Personal Data
All paper copies of children's and staff records are kept in a locked folder either at the class venue within a locked cupboard or at my (Helen Brown) home address. Members of staff can have access to these files but information taken from the files about individual children is confidential and apart from archiving, these records remain on the relevant site at all times. These records are shredded after the retention period.
Information about individual children is used in certain documents, such as, a weekly register, waiting lists or medication forms. These documents include data such as children's names, date of birth and an emergency contact number but no addresses. These records are shredded after the relevant retention period.
KINESISdance stores personal data held visually in photographs or video clips. No names are stored with images in photo albums, displays, on the website or on KINESISdance's Facebook or Twitter pages.
Access to my laptop is password protected and only used by me. Any portable data storage used to store personal data, e.g. USB memory sticks, are password protected and/or stored in a locked cupboard.
What We Use Your Data For?
to carry out any services you have requested from us;
to send you emails and messages directly related to classes attended by you or your child;
to ensure that content from our Website is presented in the most effective manner for you;
to allow you to use any interactive features of our service if required;
to notify you about changes to our services;
to ask for feedback reviews about services we have provided;
to create adverts and promotional material for KINESISdance (photos and videos may be used if permission is specifically given, but no names will be used);
to provide you with other marketing information, products or services that you request from us or which we feel may interest you
WHO HAS ACCESS TO YOUR INFORMATION?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Updating Your Information
The accuracy of your information is important to us. If you change email address, emergency contact information, telephone number, or any of the other information we hold for, or if you suspect it is inaccurate or out of date, please email us at: firstname.lastname@example.org, contact us via our Facebook page: www.facebook.com/kinesisdanceuk, or you can telephone us on 07886440154.